This module implements Ueli Maurer's algorithm for generating large
provable primes and secure parameters for public-key cryptosystems. The
generated primes are almost uniformly distributed over the set of primes of
the specified bitsize and expected time for generation is less than the time
required for generating a pseudo-prime of the same size with Miller-Rabin
tests. Detailed description and running time analysis of the algorithm can
be found in Maurer's paper[1].

Crypt::Primes is a pure perl implementation. It uses Math::Pari for
multiple precision integer arithmetic and number theoretic functions.
Random numbers are gathered with Crypt::Random, a perl interface to
/dev/u?random devices found on most modern Unix operating systems.

Generates a prime number of the specified bitsize. Takes a hash as
parameter and returns a Math::Pari object (prime number) or a hash reference
(prime number and generator) when group generator computation is requested.
Following hash keys are understood:

When Generator key is set to a non-zero value, a group generator of Z*(n) is
computed. Group generators are required key material in public-key
cryptosystems like Elgamal and Diffie-Hellman that are based on
intractability of the discrete logarithm problem. When this option is
present, maurer() returns a hash reference that contains two keys, Prime and
Generator.

When set to 1, maurer() stores intermediate primes in a class array, and
ensures they are not used during construction of primes in the future calls
to maurer() with Reprime => 1. This is used by rsaparams().

When set to 1, maurer() returns a hash reference that contains
(corresponding to the key 'Factors') a reference to an array of
factors of p-1 where p is the prime generated, and also (corresponding
to the key 'R') a divisor of p.

Performs trial division on $n to ensure it's not divisible by any prime
smaller than or equal to $limit. The module maintains a lookup table of
primes (from 2 to 65521) for this purpose. If $limit is not provided, a
suitable value is computed automatically. trialdiv() is used by maurer() to
weed out composite random numbers before performing computationally
intensive modular exponentiation tests. It is, however, documented should
you need to use it directly.

This module implements a modified FastPrime, as described in [1], to
facilitate group generator computation. (Refer to [1] and [2] for
description and pseudo-code of FastPrime). The modification involves
introduction of an additional constraint on relative size r of q. While
computing r, we ensure k * r is always greater than maxfact, where maxfact
is the bitsize of the largest number we can factor easily. This value
defaults to 140 bits. As a result, R is always smaller than maxfact, which
allows us to get a complete factorization of 2Rq and use it to find a
generator of the cyclic group Z*(2Rq).

Maurer's algorithm generates primes of progressively larger bitsize using
a recursive construction method. The algorithm enters recursion with a
prime number and bitsize of the next prime to be generated. (Bitsizes of
the intermediate primes are computed using a probability distribution that
ensures generated primes are sufficiently random.) This recursion can be
distributed over multiple machines, participating in a competitive
computation model, to achieve close to best running time of the algorithm.
Support for this will be implemented some day, possibly when the next
version of Penguin hits CPAN.